Ethics, Privacy and Computer Forensics: Chap 14 Network Basics For Digital Investigation


Upload: cecily-freeman

Post on 25-Dec-2015


Page 1: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Ethics, Privacy and Computer Forensics

Chap 14 Network Basics For Digital Investigation

Page 2: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Overview of Networks

- Imagine a long long cord …. These are networks
- Computer connected to a network is called host
- NIC – network interface card is the primary interface with a network
- Use hubs, routers, etc. to connect networks of computers
- Computers connected to the global internet use a protocol called TCP/IP
  - Enable communication of dissimilar networks
  - Common language of network talk
- An IP address is the address of a host on the network just like a phone number

Page 3: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Overview of Networks

- Routers are highly susceptible to attacks because they are critical to communication
- Firewalls are security devices that block service and traffic destined to a certain port
- Network services include Telnet and FTP
- Hosts have logs that detail network transactions and their date and time

Page 4: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Network Technology

- Attached Resource Computer Network (ARCNET)
  - Earliest network technology
  - Developed by Datapoint Corp in 1970’s
  - Used active and passive hubs in the topology
  - Based on token scheme (proprietary)
  - Speeds from 2.5 Mbps (copper) to 20 Mbps (fiber)
- Ethernet
  - Most popular and accepted technology for networking
  - Each computer has a NIC and it is connected to a central hub, switch or router
  - Variable speeds
  - Uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
  - Like people at a dinner party, when two start talking at the same time, both stop talking and then only one starts talking again

Page 5: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: A typical ARCNET configuration.

Page 6: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Network Technology

- Fiber Distributed Data Interface (FDDI)
  - Encoding pulses of light
  - Expensive but fast
  - Data travel in only one direction
- Developed in mid-1980’s
- High speed backbone connection between distributed LANs
- Dual Counter Rotating Rings: one primary, one secondary
- Attach up to 1000 workstations in both directions
- Multiple messages/tokens rotate at the same time

Page 7: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Token Passing

- Token circulates on a Ring Topology
- Sender acquires free token, attaches message and sends downstream
- Receiver copies message and acknowledges same in busy token
- Original sender responsible for taking the message off the ring and sending a free token downstream
- Deterministic performance
  - Good for factories
  - Can calculate maximum time to get to a unit

Page 8: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: An FDDI network with primary and secondary token rings. During normal conditions, only one of the rings is used and data travels in one direction. When a station or a cable segment fails, the traffic loops to form a closed ring, moving data in the opposite direction.

Page 9: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Network Technology

- Asynchronous Transfer Mode (ATM)
  - Uses fiber optics and special equipment called ATM switches
  - Gigabits/sec communication rate
  - Establishes a connection first
  - ATM switch is connected to a large network
- Connection-oriented protocol (over virtual paths and/or channels)
- Backbone technology; switch-based; fiber based

Page 10: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Wireless

- WLAN – uses RF technology
- WAP – Wireless Access Point – connects to wired LAN; acts as a wireless hub
- WLAN Adapters – wireless NICs with antennas
- Wireless supports peer-to-peer without WAPs

Page 11: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

IEEE 802.11g

- Speeds of 1-54 Mbps
- Uses the 2.4GHz band
- Is backwards compatible with IEEE 802.11b
- Ratified in June of 2003

Page 12: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

802.11 Wireless Security Issues

- Easy to “listen” for id and password
- Easy to mimic in order to gain access to the wired Network
- Earliest Protection was WEP – Wired Equivalent Privacy – which was easy to crack

Page 13: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

WPA

- Wi-Fi Protected Access
- Replacement for WEP
- WPA password initiates encryption
- Encryption key changes every packet
- Much harder to crack than WEP
- Does not work in Ad Hoc Mode

Page 14: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Bluetooth

- A wireless standard; short range
- Used to connect network appliances, printers, …
- Low Power; max speed – 1Mbps over 30 foot area or less
- Operates in the 2.4GHz band and can interfere with 802.11b
- Connects devices point to point

Page 15: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: A WLAN with two access points.

Page 16: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: Wireless standards.

Page 17: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: Multiple access points with overlapping coverage.

Page 18: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

OSI Reference Model

- Provides useful way to describe and think about networking
- Breaks networking down into series of related tasks
- Each aspect is conceptualized as a layer
- Each task can be handled separately

Page 19: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

The OSI Communications Reference Model

- OSI – Open Systems Interconnection Committee of ISO
- Reference adopted in 1978 (took 6 yrs)
- Resulted in very little actual product (software)
- Is THE standard for describing networks; the lingua franca of networking world wide

Page 20: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Understanding Layers

- Layering helps clarify process of networking
- Groups related tasks & requirements
- OSI model provides theoretical frame of reference
  - Clarifies what networks are
  - Explains how they work

Page 21: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

OSI Reference Model Structure

- Breaks networked communications into seven layers:
  - Application
  - Presentation
  - Session
  - Transport
  - Network
  - Data Link
  - Physical

Page 22: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

OSI Reference Model Structure

- Each layer responsible for different aspect of data exchange
- Each layer puts electronic envelope around data as it sends it down layers or removes it as it travels up layers for delivery
- Each layer of OSI model communicates and interacts with layers immediately above and below it

Page 23: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

OSI Reference Model Structure

- Interface boundaries separate layers
- Individual layer communicates only with adjacent layers
- “Peer layers” describes logical or virtual communication between same layer on both sending and receiving computers

Page 24: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: Relationships Among OSI Layers

Page 25: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

OSI Reference Model Structure

- Data is broken into packets or PDUs as it moves down stack
  - PDU stands for protocol data unit, packet data unit, or payload data unit
  - PDU is self-contained data structure from one layer to another
- At sending end, each layer adds special formatting or addressing to PDU
- At receiving end, each layer reads packet and strips off information added by corresponding layer at sending end

Page 26: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Application Layer

- Layer 7 is top layer of OSI reference model
- Provides general network access
- Includes set of interfaces for applications to access variety of networked services such as:
  - File transfer
  - E-mail message handling
  - Database query processing
- May also include error recovery

Page 27: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Presentation Layer

- Layer 6 handles data formatting and protocol conversion
- Converts outgoing data to generic networked format
- Does data encryption and decryption
- Handles character set issues and graphics commands
- May include data compression
- Includes redirector software that redirects service requests across network

Page 28: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Session Layer

- Layer 5 opens and closes sessions
- Performs data and message exchanges
- Monitors session identification and security
- Performs name lookup and user login and logout
- Provides synchronization services on both ends
- Determines which side transmits data, when, and for how long
- Transmits keep-alive messages to keep connection open during periods of inactivity

Page 29: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Transport Layer

- Layer 4 conveys data from sender to receiver
- Breaks long data payloads into chunks called segments
- Includes error checks
- Re-sequences chunks into original data on receipt
- Handles flow control

Page 30: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Network Layer

- Layer 3 addresses messages for delivery
- Translates logical network address into physical MAC address
- Decides how to route transmissions
- Handles packet switching, data routing, and congestion control
- Through fragmentation or segmentation, breaks data segments from Layer 4 into smaller data packets
- Reassembles data packets on receiving end

Page 31: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Data Link Layer

- Layer 2 creates data frames to send to Layer 1
- On receiving side, takes raw data from Layer 1 and packages into data frames
- Data frame is basic unit for network traffic on the wire
- See next slide for contents of typical data frame
- Performs Cyclic Redundancy Check (CRC) to verify data integrity
- Detects errors and discards frames containing errors

Page 32: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: Data Frame
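The layer-by-layer wrapping described on the OSI Reference Model Structure slide and the CRC check described on the Data Link Layer slide, shown together as an added example that is not part of the original slides. It builds a constructed Ethernet/IPv4/UDP frame, verifies its frame check sequence and strips one header per layer; the function names, addresses, ports and payload are assumptions chosen for illustration, and the IPv4 and UDP checksums are left at zero to keep the example short.

```python
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17

def encapsulate(payload, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Sending side: each layer prepends its own header to the PDU from above."""
    # Layer 4 (UDP): ports, length, checksum 0 ("not computed" is legal over IPv4).
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3 (IPv4): simplified 20-byte header; header checksum left at 0 here.
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                         PROTO_UDP, 0, socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip)) + segment
    # Layer 2 (Ethernet): addresses and EtherType, pad to 60 bytes, append the FCS.
    body = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    body += struct.pack("!H", ETHERTYPE_IPV4) + packet
    body = body.ljust(60, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame):
    """Receiving side: check the CRC, then strip one header per layer.
    Returns None when the frame check sequence does not match."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return None  # Layer 2 discards frames containing errors
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 is handled in this example")
    packet = body[14:]
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != PROTO_UDP:
        raise ValueError("only UDP is handled in this example")
    segment = packet[header_len:total_len]  # total length trims the Ethernet padding
    src_port, dst_port, udp_len = struct.unpack("!HHH", segment[:6])
    return {
        "dst_mac": body[0:6].hex(":"), "src_mac": body[6:12].hex(":"),
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }

def flip_bit(frame, index):
    """Simulate a transmission error by flipping one bit in one byte."""
    return frame[:index] + bytes([frame[index] ^ 0x01]) + frame[index + 1:]

# Constructed sample: documentation IP ranges and locally administered MACs.
SAMPLE = encapsulate(b"hello", 40000, 514, "192.0.2.10", "198.51.100.7",
                     "02:00:00:00:00:01", "02:00:00:00:00:02")

if __name__ == "__main__":
    print(decapsulate(SAMPLE))               # every layer's addressing recovered
    print(decapsulate(flip_bit(SAMPLE, 20)))  # damaged frame is dropped
```

For an investigator, each header stripped here is a separate source of attribution: MAC addresses from Layer 2, IP addresses from Layer 3 and ports from Layer 4.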

Page 33: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Physical Layer

- Layer 1 converts bits into signals for outgoing messages and signals into bits for incoming messages
- Manages computer’s interface to medium
- Instructs driver software and network interface to send data across medium
- Sets timing and interpretation of signals across medium
- Translates and screens incoming data for delivery to receiving computer

Page 34: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: Actions of Each Layer of OSI Reference Model

Page 35: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

OSI in Summary

- The Reference Model breaks the communication process into seven distinct and independent layers
- Each layer’s functionality is well defined as is its interface with surrounding layers and peer layers
- Lower layers service upper layers in sequence

Page 36: Ethics, Privacy and Computer Forensics Chap 14 Network Basics For Digital Investigation

Figure: Network interconnection hardware operates at various layers of the OSI model.